Ensure challenge-response key buffer is properly cleared.

The challenge-response key buffer is explicitly cleared
before the key transformation if no such key is configured
to ensure one is never injected into the hash even if the
database had a challenge-response key previously.

This patch also adds extensive tests for verifying that a
key change will not add any expired key material to the hash.

Fixes #4146
Janek Bevendorff 2020-01-10 02:11:43 +01:00
parent cba8947ee8
commit 247ebf5a35
7 changed files with 235 additions and 33 deletions


@ -651,6 +651,9 @@ bool Database::challengeMasterSeed(const QByteArray& masterSeed)
bool ok = m_data.key->challenge(masterSeed, response);
if (ok && !response.isEmpty()) {
m_data.challengeResponseKey->setHash(response);
} else if (ok && response.isEmpty()) {
// no CR key present, make sure buffer is empty
m_data.challengeResponseKey.reset(new PasswordKey);
}
return ok;
}
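
Review bot: the added `else if (ok && response.isEmpty())` branch clears the buffer only when the challenge succeeds with an empty response, so when `challenge()` returns false `m_data.challengeResponseKey` still holds whatever hash an earlier call stored. If any caller can continue to the key transformation after a false return, reset the key unconditionally before calling `m_data.key->challenge(masterSeed, response)` and call `setHash(response)` only for a non-empty response; that also makes the second branch unnecessary. If the branch stays as is, `else if (ok)` is equivalent, because the first condition has already handled the non-empty case. The comment would also be more useful if it said why the reset matters (a database that previously had a challenge-response key), as the commit message does.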